Add SHA256 fingerprint support for both the normal exported fingerprints
(tls_digest_n -> tls_digest_sha256_n), as well as for --x509-track.
Also switch to using the SHA256 fingerprint instead of the SHA1 fingerprint
internally, in cert_hash_remember() / cert_hash_compare(). And instead of
updati
ACK.
Your patch has been applied to the master branch.
commit d54a2488a0b7a678817b50e1518d0f31397b2e7b
Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thu May 5 15:02:27 2016 +0200
Remove trailing newline from verify callback error messages
Signed-off-by:
Add SHA256 fingerprint support for both the normal exported fingerprints
(tls_digest_n -> tls_digest_sha256_n), as well as for --x509-track.
Also switch to using the SHA256 fingerprint instead of the SHA1 fingerprint
internally, in cert_hash_remember() / cert_hash_compare(). And instead of
updati
Thank you for the help. Appreciate it.
On May 5, 2016 7:00 PM, "Steffan Karger" wrote:
>
> On 5 May 2016 3:24 p.m., "Shubham Chauhan"
> wrote:
> > So, what I get from this is that OpenVPN will do a ssl/tls handshake
> > irrespective of the --cipher none option, because this configuration will
> > on
On 5 May 2016 3:24 p.m., "Shubham Chauhan" wrote:
> So, what I get from this is that OpenVPN will do a ssl/tls handshake
> irrespective of the --cipher none option, because this configuration will
> only be used in the data channel. Is this right?
Yes.
> Also, will using --cipher none get me a faste
Hello. Thanks for the reply.
> Disabling crypto is possible, but not what OpenVPN was designed for.
> Also, disabling encryption (using --cipher) does not disable
> authentication (--auth) too. If you want to control the TLS crypto,
> use --tls-cipher. Note however that the TLS control channel i
Signed-off-by: Steffan Karger
---
src/openvpn/ssl_verify_mbedtls.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index a97161b..d018938 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.
Hi,
On Thu, May 5, 2016 at 12:26 PM, Shubham Chauhan
wrote:
> I had a doubt about the cipher none config in OpenVPN.
> I realized that OpenVPN initiates an SSL handshake, even if I choose not to
> use any encryption-decryption operations through the cipher none config. It
> chooses a particular c
Patch has been applied to the master branch.
commit 1ae17b7e97881ab57352b0bd525f15e6e9b60011
Author: Gert Doering
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thu May 5 13:48:16 2016 +0200
Fix library order in -lmbedtls test.
Signed-off-by: Gert Doering
Acked-by: Steffa
On Thu, May 5, 2016 at 1:50 PM, Gert Doering wrote:
> --- a/configure.ac
> +++ b/configure.ac
> @@ -844,11 +844,11 @@ elif test "${with_crypto_library}" = "mbedtls"; then
>
> if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
> # if the user did not explicitly spe
Hi,
On Sun, May 01, 2016 at 08:23:06PM +0200, Steffan Karger wrote:
> When for some reason the dependencies of the compiled mbed TLS libraries
> (libmbedtls, libmbedcrypto and libmbedx509) are not correct, the configure
> script will fail to link against libmbedcrypto and/or libmbedx509. This
> is
Your patch has been applied to the master branch.
ACK from me as well, as it nicely shows the problem with our test certs
in the logs now
Thu May 5 12:53:54 2016 VERIFY ERROR: depth=0, subject=C=US, ST=California, L=Pleasanton, O=OpenVPN community project, CN=server, emailAddress=samuli@ope
On 03.05.16 at 22:14, Steffan Karger wrote:
> Instead of just printing the contents of the flags variable, try to
> convert it to a human-readable error string and print that instead.
>
> This will for example print "The certificate is signed with an
> unacceptable key (eg bad curve, RSA too shor
Your patch has been applied to the master branch.
commit 5c4acf3f7b2885270a9fb2d051a18759ab458c32
Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thu May 5 11:02:13 2016 +0200
mbedtls: check that private key and certificate match on start
Signed-off-by: St
On 05.05.16 at 11:02, Steffan Karger wrote:
> Implement a long standing todo in the code, now that we use mbed TLS 2.x,
> which provides an interface for the check.
>
> v2: bail out immediately on failure.
>
ACK from me.
Arne
Hello,
I had a doubt about the cipher none config in OpenVPN.
I realized that OpenVPN initiates an SSL handshake, even if I choose not to
use any encryption-decryption operations through the cipher none config. It
chooses a particular cipher in the handshake as well.
Is it supposed to happen this
Implement a long standing todo in the code, now that we use mbed TLS 2.x,
which provides an interface for the check.
v2: bail out immediately on failure.
Signed-off-by: Steffan Karger
---
src/openvpn/ssl_mbedtls.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/s
17 matches